From: David Mulder Date: Tue, 2 Feb 2021 19:33:11 +0000 (-0700) Subject: gpo: Apply Group Policy Startup Scripts from VGP X-Git-Tag: tevent-0.11.0~1731 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=15cec2ac4d7af0fa82c21d0109607aa63c86c15a;p=thirdparty%2Fsamba.git gpo: Apply Group Policy Startup Scripts from VGP Signed-off-by: David Mulder Reviewed-by: Jeremy Allison
---
diff --git a/python/samba/vgp_startup_scripts_ext.py b/python/samba/vgp_startup_scripts_ext.py
index 2bba29dd64c..cc5c8682019 100644
--- a/python/samba/vgp_startup_scripts_ext.py
+++ b/python/samba/vgp_startup_scripts_ext.py
@@ -15,13 +15,110 @@ # along with this program. If not, see . import os -from samba.gpclass import gp_xml_ext +from samba.gpclass import gp_xml_ext, check_safe_path +from tempfile import NamedTemporaryFile +from samba.common import get_bytes +from subprocess import Popen, PIPE + +intro = b''' +### autogenerated by samba +# +# This file is generated by the vgp_startup_scripts_ext Group Policy +# Client Side Extension. To modify the contents of this file, +# modify the appropriate Group Policy objects which apply +# to this machine. DO NOT MODIFY THIS FILE DIRECTLY. +# + +''' class vgp_startup_scripts_ext(gp_xml_ext): + def __str__(self): + return 'VGP/Unix Settings/Startup Scripts' + def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir='/etc/cron.d'): - pass + for guid, settings in deleted_gpo_list: + self.gp_db.set_guid(guid) + if str(self) in settings: + for attribute, script in settings[str(self)].items(): + if script and os.path.exists(script): + os.unlink(script) + self.gp_db.delete(str(self), attribute) + self.gp_db.commit() + + for gpo in changed_gpo_list: + if gpo.file_sys_path: + self.gp_db.set_guid(gpo.name) + xml = 'MACHINE/VGP/VTLA/Unix/Scripts/Startup/manifest.xml' + path = os.path.join(gpo.file_sys_path, xml) + xml_conf = self.parse(path) + if not xml_conf: + continue + policy = xml_conf.find('policysetting') + data = policy.find('data') + for listelement in data.findall('listelement'): + local_path = self.lp.cache_path('gpo_cache') + script = listelement.find('script').text + script_file = os.path.join(local_path, + os.path.dirname(check_safe_path(path)).upper(), + script.upper()) + parameters = listelement.find('parameters').text + hash = listelement.find('hash').text + attribute = '%s:%s:%s' % (script, hash, parameters) + old_val = self.gp_db.retrieve(str(self), attribute) + if old_val is not None: + continue + run_as = listelement.find('run_as') + if run_as is not None: + run_as = run_as.text + else: + run_as = 'root' + run_once 
= listelement.find('run_once') is not None + if run_once: + Popen(['/bin/sh %s %s' % (script_file, parameters)], + shell=True).wait() + self.gp_db.store(str(self), attribute, '') + else: + entry = '@reboot %s %s %s' % (run_as, script_file, + parameters) + with NamedTemporaryFile(prefix='gp_', dir=cdir, + delete=False) as f: + f.write(intro) + f.write(get_bytes(entry)) + os.chmod(f.name, 0o700) + self.gp_db.store(str(self), attribute, f.name) + self.gp_db.commit() def rsop(self, gpo): output = {} + xml = 'MACHINE/VGP/VTLA/Unix/Scripts/Startup/manifest.xml' + if gpo.file_sys_path: + path = os.path.join(gpo.file_sys_path, xml) + xml_conf = self.parse(path) + if not xml_conf: + return output + policy = xml_conf.find('policysetting') + data = policy.find('data') + for listelement in data.findall('listelement'): + local_path = self.lp.cache_path('gpo_cache') + script = listelement.find('script').text + script_file = os.path.join(local_path, + os.path.dirname(check_safe_path(path)).upper(), + script.upper()) + parameters = listelement.find('parameters').text + run_as = listelement.find('run_as') + if run_as is not None: + run_as = run_as.text + else: + run_as = 'root' + run_once = listelement.find('run_once') is not None + if run_once: + entry = 'Run once as: %s `%s %s`' % (run_as, script_file, + parameters) + else: + entry = '@reboot %s %s %s' % (run_as, script_file, + parameters) + if str(self) not in output.keys(): + output[str(self)] = [] + output[str(self)].append(entry) return output diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo deleted file mode 100644 index 633d33e25b9..00000000000 --- a/selftest/knownfail.d/gpo +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_startup_scripts
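Review bot: In the run_once branch of process_group_policy, `Popen(['/bin/sh %s %s' % (script_file, parameters)], shell=True)` passes a string built from the manifest's `script` and `parameters` text to a shell, so any shell metacharacter in those fields is interpreted instead of being passed as an argument. The `run_as` value read just above is also never applied on this path, although rsop reports `Run once as: %s`. An argv list avoids the shell parsing, `Popen(['/bin/sh', script_file] + shlex.split(parameters or '')).wait()` (needs `import shlex`), and the run_once path should either honour `run_as` or state that it always runs as the calling process. Only the manifest `path` goes through `check_safe_path`; `script` is joined unchecked, so an absolute or `..`-bearing value would make `os.path.join` resolve outside the GPO cache in both process_group_policy and rsop. Calling `check_safe_path(script)` before the join would address that, assuming the helper rejects such values, since its definition is not on this page. The `hash` element ends up in the stored attribute key but, as far as this hunk shows, is never compared with the script file's contents before the script is run or scheduled.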